SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
To donate by check, phone, or other method, see our More Ways to Give page.
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
(Photo: Merrill College of Journalism/flickr/cc)
How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA. The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.
How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA. The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.
We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are "must-pass" legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.
CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That's why we're launching a week of action to make sure Congress is getting the message loud and clear: CISA must not pass.
EFF and our allies have been hard at work fighting Congress' cyber surveillance bills. But the most important voices are yours. Here's how to help:
With your help, we'll make sure Congress gets the message: now more than ever, we don't need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:
CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause "substantial harm," it's unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, "CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders."
As if the new authorities weren't enough, the bill's broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.
Not only does CISA grant companies more power to obtain "cyber threat indicators" and to disclose that data to the government without a warrant--it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA--all without requiring companies to strip out personally identifying information.
To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.
Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill's lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not "substantial") harm to innocent people or machines will not be liable in court.
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA. The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.
We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are "must-pass" legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.
CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That's why we're launching a week of action to make sure Congress is getting the message loud and clear: CISA must not pass.
EFF and our allies have been hard at work fighting Congress' cyber surveillance bills. But the most important voices are yours. Here's how to help:
With your help, we'll make sure Congress gets the message: now more than ever, we don't need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:
CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause "substantial harm," it's unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, "CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders."
As if the new authorities weren't enough, the bill's broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.
Not only does CISA grant companies more power to obtain "cyber threat indicators" and to disclose that data to the government without a warrant--it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA--all without requiring companies to strip out personally identifying information.
To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.
Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill's lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not "substantial") harm to innocent people or machines will not be liable in court.
How do you kill a zombie bill like CISA? Grassroots action. That's why EFF and over a dozen other groups are asking you to join us in a Week of Action to Stop CISA. The Senate is likely to vote on the Cybersecurity Information Sharing Act (CISA) in the coming weeks, and only you can help us stop it.
We keep hearing that CISA and the other "cybersecurity" bills moving through Congress are "must-pass" legislation. But just like the original version of CISA, the Cyber Intelligence Sharing and Protection Act (CISPA), we think grassroots activism can stop this legislation in its tracks.
CISA is fundamentally flawed because of its broad immunity clauses for companies, vague definitions, and aggressive spying powers. Combined, they make the bill a surveillance bill in disguise. The bill may even make things worse for Internet users in several ways. That's why we're launching a week of action to make sure Congress is getting the message loud and clear: CISA must not pass.
EFF and our allies have been hard at work fighting Congress' cyber surveillance bills. But the most important voices are yours. Here's how to help:
With your help, we'll make sure Congress gets the message: now more than ever, we don't need more cyber surveillance. We need better security. CISA must be defeated because it may make things worse for Internet users in several ways:
CISA allows companies to monitor their information systems for broadly-defined threats. Moreover, and equally alarming, the bill authorizes companies to launch countermeasures against perceived attackers, without any safeguards. While it prohibits measures that cause "substantial harm," it's unclear exactly what substantial is, leaving open the possibility of measures that cause a significant degree of harm. A letter sent in March by over 25 groups opposing CISA pointed out that, "CISA permits companies to recklessly deploy countermeasures that damage networks belonging to innocent bystanders."
As if the new authorities weren't enough, the bill's broad definitions grant companies even more discretion to decide when to go on the offense against perceived threats. For example, "cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of information or an information system.
Not only does CISA grant companies more power to obtain "cyber threat indicators" and to disclose that data to the government without a warrant--it requires real time sharing of that information to military and intelligence agencies, including the NSA. In other words, cyber threat indicators shared with any agency would be automatically shared with the NSA--all without requiring companies to strip out personally identifying information.
To make matters worse, CISA grants the government too much discretion in how to use the information for non-cybersecurity purposes. It also contains exemptions to the Freedom of Information Act, which will keep the public in the dark about what information is being collected, shared, or used.
Finally, CISA would create incredibly broad immunity for companies that engage in any of the activities authorized by the bill. This is especially concerning because of the bill's lack of protection for private information and the ability to launch countermeasures. Any company that merely does significant (but not "substantial") harm to innocent people or machines will not be liable in court.